Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

The update issued June 30 includes a number of critical fixes for Mac OS X systems and comes roughly a month after Apple issued a massive update for about 40 vulnerabilities. The previously disclosed flaws in Ruby are memory corruption issues that, according to Apple, exist in Ruby's handling of strings and arrays. The most serious can lead to arbitrary code execution.

"Running a Ruby script that uses un-trusted input to access strings or arrays may lead to an unexpected application termination or arbitrary code execution," Apple warned in its advisory.

Further reading

The update also includes fixes for nine vulnerabilities in Apache Tomcat version 4.x, which is bundled on Mac OS X v10.4.11 systems. Updating to version 4.1.37 addresses these vulnerabilities, the most serious of which can lead to a cross-site scripting attack.

Among the other fixes is a patch for a flaw in Launch Services caused by a race condition in the download validation of symbolic links, when the target of the link changes during the narrow time window of validation. The flaw can be triggered by visiting a maliciously crafted Web site if the "Open 'safe' files" preference is enabled in the Safari Web browser, leading to code execution. The issue does not affect Mac OS X 10.5 or later.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.